Matthew D. SarrelBlink Professional Edition 3.5The company known for high-quality vulnerability assessment tools provides a workstation protection suite that includes a great firewall and good intrusion prevention. Virus and spyware protection are only so-so, but it's all wrapped up in an elegant GUI.

The company known for high-quality vulnerability assessment tools provides a workstation protection suite that includes a great firewall and good intrusion prevention. Virus and spyware protection are only so-so, but it's all wrapped up in an elegant GUI.

Businesses spend hours (or in the case of enterprises, days) each month on tasks like updating signature files for software firewalls, anti-malware, and more, as well as on testing for vulnerabilities in software and hardware. Blink Professional Edition 3.5 seeks to speed security evaluations and protect workstations by offering vulnerability assessment (not patching, however), intrusion prevention, virus and spyware protection, and data loss preventiona tough assignment, but the software rises to the challenge.

I installed Blink on an unpatched version of Windows XP Pro to measure the software's ability to detect and protect against vulnerabilities. Blink has a very small footprint (CPU utilization, disk space, memory)a major advantage in this category, where competitors are typically getting more and more bloated. The first thing I noticed was the intuitive interface that elegantly displays top-level menu choices and then allows you to drill down to specific areas of functionality. Compared with other desktop security suites Blink is refreshing in the almost Taoist balance the interface strikes between ease of use and granularity. Of its main competitors, Symantec End Point Protection 11 comes the closest to achieving this balance. The main componentsthe Firewall, Virus and Spyware Protection, Intrusion Prevention, Vulnerability Assessment, and System Protectionshow on the Blink Home Page. Clicking on any component brings up the settings and status for it. You can also select options in the top menu to see program-wide settings.

I ran a vulnerability assessment, which came back with 102 high alerts, 60 medium, 29 low, and 9 informationala reasonable amount for a six-year-old OS. The list prioritizes vulnerabilities in order of severity (a good thing, because on unpatched XP Pro the list is many pages long), and I found it easy to navigate. You see basic information along with links to more info and patches. Blink itself can't download and apply those patches, but it can tie into other patch-management software, such as that offered by BigFix, to do this.

To test the intrusion-prevention features, I ran Metasploit on the unpatched XP machine and launched several buffer overflow attacks as well as specific attacks against Internet Explorer. Without Blink, these attacks surely would have succeeded; with Blink, they were stopped dead in their tracks.

After the stellar performance of the intrusion prevention module, Blink's antivirus and antispyware capabilities were somewhat of a disappointment. I was able to download five keyloggers, two rogue programs, three adware samples, three instances of spyware, two Trojan horses, and four viruses. A manual scan of the now-infected system quarantined all the samples of rogue software, Trojans, and viruses, but none of the others. After the scan, I was able to install three of the keyloggers, one rogue program, and one piece of adware. Blink's fair AV/AS capabilities detract from the product's overall competency as a security suite and place it in the middle of the road compared with other business solutions.

In contrast, Symantec Endpoint Protection 11 (EPP 11), a PC Magazine Editors' Choice, blocked six of six attempted virus downloads via HTTP, even detecting my test virus within a ZIP file. It also blocked six of eight attempted keylogger downloads, and though it let me install the two that slipped by, it later detected one through a routine scan and removed it. EPP 11 blocked all seven attempted Trojan downloads and eight of ten spyware downloads, but did allow me to install the two that got through (subsequently removing one).

Blink offers protection against data loss by letting you allow or deny reads from and/or writes to removable storage devices. This is a good feature, but you can implement it only on a global basisblocking all removable devices, or none. The feature lacks the granular control of Symantec Endpoint Protection 11 and SkyRecon StormShield, both of which let you allow or deny specific types of media and, in some cases, specific actionsfor example, permitting reads from but not writes to removable media.

Blink Pro is a strong offering for businesses looking for software firewall and intrusion prevention. The included REM management console makes it easy to push policy to multiple workstations. The product is sufficiently complex for you to want to have a knowledgeable IT staffer to configure and manage it. One suggestion might be to run Blink for intrusion prevention, firewall, and data loss prevention services and to supplement it with a more reliable AV/AS solution.

Blink Professional Edition 3.5

good

Bottom Line: The company known for high-quality vulnerability assessment tools provides a workstation protection suite that includes a great firewall and good intrusion prevention. Virus and spyware protection are only so-so, but it's all wrapped up in an elegant GUI.

Read More

About the Author

Matthew D. Sarrel, CISSP, is managing director for CMG, a worldwide organization of IT performance and scalability professionals. He is also a technical marketing consultant and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com

Blink Professional Edition 3.5

Blink Professional Edition 3.5

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.